Interesting post, thanks, glad someone is following these developments closely. You couldn’t be more right when saying “National and international security organisations (think of police, military, departments of justice and interior etc) however perceive the situation influenced by their organisation’s agenda.” Case in point, is the ongoing power struggle among gov’t agencies in Washington DC to determine which one should be in control of regulating security for the Internet’s “critical infrastructure”. See e.g., http://thehill.com/blogs/hillicon-valley/technology/152145-commerce-postpones-cybersecurity-hearing and http://thehill.com/blogs/hillicon-valley/technology/150119-langevin-introduces-cybersecurity-bill?utm_campaign=HilliconValley&utm_source=twitterfeed&utm_medium=twitter I think you would agree that how these debates relate to geopolitics of Internet governance (e.g., optics to those outside of US, long term effects on global Internet standards etc.) is under appreciated.

Thanks for the review. The main contribution of the paper was actually the evidence of systematic bias and particularly the way information removal is used to facilitate this. I’m hoping others will comment on the types of Wikipedia users we have introduced and suggests focused ways of combating the problems some types of uses intentionally introduce.

Happy to receive any further thoughts you have over e-mail.

- Andre

The research this data was used for didn’t only cover Germany and compared German ISPs, but a good deal more countries and their ISPs. Hence, the focus for the statistical model used in the study might not have been to ensure fair comparison of anti-botnet performance among distinct ISPs in one country. Your input may help to adopt the existing model and take all the points into consideration you’ve mentioned above. If your criticism is valid. Let’s go to the details.

(The following arguments are based on a conversation I just had with Hadi Asghari, who is currently attending a workshop an therefore can’t comment here.)

The question about where 1&1 access customers are listed is a tough one, indeed, and needs to be answered. It is nevertheless correct that at this point an ASN is not broken down on the national level. The simple reason for this is that such detailed IP-range information was not available. If you have such information and are willing to provide it, the stats will happily be recalculated.

The identification of spam sources is based on logged IP addresses of the spam connection on the spam-trap. Hence, faking headers will not change the results. In addition, spam coming through the mail system is counted. But in fact, when looking at bot infections, access spam might be more relevant.

obviously, there must be something wrong with this statistic, too.
If the SPAM percentage of any one of the big players actually was lower than one thirtieth of the next best we would conclude
- this player should never be found on _any_ blacklist
- the abuse-department is acting over-zealous and actively harassing customers with less then perfect newsletters.
More realistically, while I have no doubt that the data itself is correct, the presentation is at least a bit biased.
First of all 1&1 access-(dial-up,dsl, …)-customers are not listed in their own AS, but in those of the reselling partners (Deutsche Telekom, O2 and probably others). On which side are they included in the number of subscribers?
Secondly, the calculation of “unique SPAM sources” is technically difficult and error prone. How can one be sure not to “fall” for every fake “received” header of the spammers while at the same time include all “unique” sources that are routed through the same mail-system?
Given these difficulties, I guess the numbers would become more meaningful if all “access-spam” would be disregarded completely — some don’t even regard it as “real” SPAM as it is obvious and easily filtered.

All in all this statistic serves more to show what can be done with seemingly objective numbers — in which I regard it as a great addition to the discussion — than it does tell us anything about how spammy one business is in comparison to another.

Interestingly, founding foundations seems to become more and more the way to go in the realm of commons-based peer production, as is evidenced by the newly founded “The Document Foundation” (see The Foundation Model).

Hope to stay in touch!